diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 1f6018e06..53522aaed 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -125,7 +125,7 @@ WORKDIR $SRC
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
 cd aflplusplus && \
- git checkout ef77d552e9b89852b293c300a5a9a9c617945f43 && \
+ git checkout c5117b42cab9f47448a7f3cfe3edae6708d32528 && \
 wget --no-check-certificate -O oss.sh https://raw.githubusercontent.com/vanhauser-thc/binary_blobs/master/oss.sh && \
 chmod 755 oss.sh
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index 9275fd114..321d02915 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -15,6 +15,9 @@
 #
 ################################################################################
+# In emergencies where afl++'s own compiler fails set this to "1":
+export AFL_LLVM_MODE_WORKAROUND=0
+
 # AFL++ setup
 echo "Copying precompiled AFL++"
@@ -34,6 +37,8 @@ export CXX="$SRC/aflplusplus/afl-clang-fast++"
 export AFL_QUIET=1
 # No leak errors during builds.
 export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+# Do not abort on any problems (because this is during build where it is ok)
+export AFL_IGNORE_PROBLEMS=1
 # No complain on unknown AFL environment variables
 export AFL_IGNORE_UNKNOWN_ENVS=1
@@ -44,7 +49,6 @@ env | egrep -q '^AFL_SKIP_OSSFUZZ=' || {
 # The variables need to be set to "1" here - or before running this script.
 # AFL++ configuration options.
- export AFL_LLVM_MODE_WORKAROUND=0
 export AFL_ENABLE_DICTIONARY=0
 export AFL_ENABLE_CMPLOG=1
 export AFL_LAF_CHANCE=5
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index cda877cf1..97213279e 100755
--- a/infra/base-images/base-runner/run_fuzzer
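Review bot: The new top-level `export AFL_LLVM_MODE_WORKAROUND=0` in the `@@ -15,6 +15,9 @@` hunk is unconditional, so any value exported before running the script is silently overwritten with 0, whereas the line it replaces (removed in the `@@ -44,7 +49,6 @@` hunk) sat inside the `env | egrep -q '^AFL_SKIP_OSSFUZZ=' || { … }` guard whose header comment promises the variables can be set "before running this script". If operators are meant to be able to flip it without rebuilding the image, keep the environment value: `export AFL_LLVM_MODE_WORKAROUND="${AFL_LLVM_MODE_WORKAROUND:-0}"` and reword the comment to `# In emergencies where afl++'s own compiler fails set this to "1" (honours a value already exported in the environment; defaults to 0):`. If the intent really is to force 0 regardless of the environment, the comment should say that instead, because the surrounding block comment now reads as if the opposite were true.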
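Review bot: The comment on the new `export AFL_IGNORE_PROBLEMS=1` in the `@@ -34,6 +37,8 @@` hunk justifies it only with "this is during build where it is ok", which neither names the afl++ checks being relaxed nor explains why a problem they would otherwise report is acceptable to miss at build time; the same variable is then exported again with no comment for the actual fuzzing run in the run_fuzzer hunk, where the build-time justification does not apply. A reader later touching one of the two exports cannot tell from this diff whether they are meant to stay in sync. I would replace the comment with `# Keep afl++ going instead of aborting when it flags a problem with its setup during the build; run_fuzzer exports the same variable for the fuzzing run.` (hedged as to which problems, since the variable's exact semantics are not visible here) and give run_fuzzer a parallel comment that states the runtime failure mode it works around, because suppressing afl++'s own diagnostics at fuzzing time presumably trades a loud abort for a run that continues with whatever condition was detected.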
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -113,20 +113,28 @@ if [[ "$FUZZING_ENGINE" = afl ]]; then
 export AFL_FAST_CAL=1
 export AFL_CMPLOG_ONLY_NEW=1
 export AFL_FORKSRV_INIT_TMOUT=30000
+ export AFL_IGNORE_PROBLEMS=1
+ export AFL_IGNORE_UNKNOWN_ENVS=1
+
 # If $OUT/afl_cmplog.txt is present this means the target was compiled for
 # CMPLOG. So we have to add the proper parameters to afl-fuzz.
 test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -c $OUT/$FUZZER"
+
 # If $OUT/afl++.dict we load it as a dictionary for afl-fuzz.
 test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict"
+
 # Ensure timeout is a bit larger than 1sec as some of the OSS-Fuzz fuzzers
 # are slower than this.
 AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+"
+
 # AFL expects at least 1 file in the input dir.
 echo input > ${CORPUS_DIR}/input
+
+ CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
+
 echo afl++ setup:
 env|grep AFL_
 cat "$OUT/afl_options.txt"
- CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
 elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then